基于Silverlight的RIA架構(gòu)及百度應(yīng)用

基于Silverlight的RIA架構(gòu)

及百度應(yīng)用楊丹資深.NET架構(gòu)師微軟〔中國〕陳廣琛Web前端工程師百度議題RIA與應(yīng)用平臺趨勢Silverlight應(yīng)用架構(gòu)界面模型邏輯分層網(wǎng)絡(luò)訪問平安機制百度Silverlight應(yīng)用RIA與應(yīng)用平臺趨勢純Web在Web上實現(xiàn)通過Web部署WebDesktopRIAHTMLRichnessReachDHTMLAJAXSilverlightWinFormWPFPlug-in界面更美觀像桌面應(yīng)用動畫多媒體Silverlight架構(gòu)純Web界面更美觀開發(fā)更高效SilverlightRuntimePresentation

CoreCoreCLRSmallBCLGarbageCollectorSecurityExceptionLoaderDebuggingXAMLMediaDRMSilverlight應(yīng)用架構(gòu)BrowserSilverlightSilverlightWebServerB/LB/LB/L邏輯分層平安機制網(wǎng)絡(luò)訪問界面模型界面模型如何與HTML頁面結(jié)合？三種選擇RIA與HTMLRIA與RIA單體RIA模塊粒度松散耦合本地通訊MVC/MVPRIA與RIA－本地訪問Silverlight與HTML對象：JavaScript接口Silverlight應(yīng)用之間：本地消息Domain1本地消息接受者LocalMessageReceiver本地消息發(fā)送者LocalMessageSenderDomain2本地消息接受者LocalMessageReceiver本地消息發(fā)送者LocalMessageSender單體RIA－按需加載Silverlight應(yīng)用應(yīng)用Package(.xap)In-Package文件應(yīng)用程序集(.dll)ApplicationClassApplicationClass資源文件Library程序集ApplicationClassApplicationClass資源文件ExternalPart程序集Library程序集ApplicationClassApplicationClass資源文件On-Demand程序集Library程序集ApplicationClassApplicationClass資源文件EntryPoint〔緩存〕〔延后〕界面模型－控制流轉(zhuǎn)面向頁面vs.面向GUI頁面GUISilverlight導航：相對于Application的狀態(tài)NavigationFramework：Frame,Page<HyperlinkButton

TargetName="MainContent“NavigateUri="/Views/List/Products.xaml"></HyperlinkButton>邏輯分層多層架構(gòu)VS.C/S架構(gòu)Silverlight應(yīng)用定位邏輯寫在何處？與ASP.NETMVC的關(guān)系？簡單展現(xiàn)邏輯包含較多邏輯安全性暴露展現(xiàn)數(shù)據(jù)暴露業(yè)務(wù)邏輯和數(shù)據(jù)耦合性服務(wù)可以復(fù)用邏輯在客戶端靈活性簡單展現(xiàn)前臺靈活業(yè)務(wù)類型業(yè)務(wù)處理在后臺業(yè)務(wù)處理在前臺邏輯分層–與ASP.NETMVC結(jié)合僅傳遞用于顯示的對象以REST調(diào)用為主與ASP.NETMVC結(jié)合publicclassCategoryController:Controller

{publicActionResultProducts(intid)

{returnJson(prods);//returnView();

}ASP.NETMVC業(yè)務(wù)邏輯層SOAPREST網(wǎng)絡(luò)訪問WebService訪問方式不同資源/REST

vs.調(diào)用/RPCREST具象狀態(tài)傳輸URI資源的狀態(tài)Http標準操作Get/PostRPC簡單對象訪問協(xié)議SOAP方法調(diào)用，復(fù)雜語義Http-BasedWebServiceSOAPREST網(wǎng)絡(luò)訪問－RPC/SOAP方式效勞端處理WCF支持SOAP客戶端調(diào)用－Proxy使用VisualStudio菜單工具AddServiceReference命令行工具SLsvcutil.exeSilverlight版本的svcutil.exe基于ChannelModel開發(fā)最靈活的方式網(wǎng)絡(luò)訪問－REST方式效勞端處理WCF支持REST[OperationContract][WebGet(UriTemplate="Northwind/Order/{orderId}")]OrderInfoMsgGetOrderInfo(stringorderId);客戶端調(diào)用WebClient數(shù)據(jù)處理XML:XmlReader,LinqtoXML,XmlSerializerJSON:LinqtoJSON,DataContractJsonSerializerRSS/AtomFeeds:網(wǎng)絡(luò)訪問－REST與SOAP比較RESTSOAP互操作性更優(yōu)是伸縮性容易是復(fù)雜度簡單較復(fù)雜協(xié)議僅HTTP多種協(xié)議安全性傳輸層加密消息層加密事務(wù)不支持支持處理邏輯面向資源面向調(diào)用平安機制認證(Authentication)授權(quán)(Authorization)身份傳遞(Credential)消息加密(Encryption)平安機制–身份傳遞身份信息如何傳遞給后臺效勞？Browser-Based(自動)WindowsAuthenticationASP.NETFormAuthentication/CookiesMessage-Based(手工)URL參數(shù)消息頭包含Username/Password或TokenBrowser-BasedAuthenticationExamplewithCookies+FormsAuthBrowserE.g.:ASP.NETlogin

User:

Password:YourDomainCredentialsAuthinfo(cookie)Servicecalls+AuthinfoBrowser-BasedAuthentication LoginthroughSilverlightUser:

Password:YourDomainCallwithcredentialsto

ASP.NETAuthServiceReplycontainscookieServicecalls+AuthinfoASP.NETAuthServiceBrowserBrowser-BasedAuthenticationUsingWindowsAuthenticationWindowslogin

User:

Password:YourDomainServicecalls+CredsBrowserMyBankLogin

User:

Password:MyBankCredentialsAuthinfo(e.g.cookie)惡意請求+Authinfo惡意網(wǎng)站惡意程序Couldstealor

changedata

ifprotectionwasn’tinplace

Browser-BasedAuthentication:

Cross-DomainThreatMessage-BasedAuthenticationIdentitymanagedbySilverlight,nottheBrowserUser:

Password:YourDomainCredsareaddedbySilverlight,notbrowserNo

credsBrowser惡意網(wǎng)站Message-BasedAuthentication:選擇1:修改接口[OperationContract]publicdecimalGetActBal

(intactID,stringuser,stringpwd);選擇2:通過WCF的WS-Security在SOAP包頭中自動插入身份信息<basicHttpBinding><bindingname="myBinding"><securitymode="TransportWithMessageCredential"><messageclientCredentialType="UserName"/></security><sTransport/></binding></basicHttpBinding>平安機制–認證和授權(quán)效勞端如何認證和授權(quán)？Message-Based身份if(!OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.IsAuthenticated)thrownewSecurityException();//標準WCF方法Browser-Based身份if(!.Identity.IsAuthenticated)thrownewSecurityException();//ASP.NETMembership平安機制–消息加密傳輸層加密消息層加密點到點安全，從Brower到Server端到端安全，從App到App對整個消息加密可以對消息的局部加密支持單一傳輸協(xié)議，例如HTTP支持混合傳輸協(xié)議，例如HTTP+TCP常用實現(xiàn)：HTTPS,SSL常用實現(xiàn)：SOAPWS-Security完整，真實，防篡改兩種選擇：傳輸層加密，消息層加密Silverlight應(yīng)用架構(gòu)界面模型邏輯分層網(wǎng)絡(luò)訪問平安機制百度應(yīng)用Silverlight版百度Hi界面模型選擇單體RIA源自Web版的風格Silverlight3.0暫時缺乏多窗口模型單體RIA的問題耦合度高，難以維護——來自Web版的經(jīng)驗利用MVC別離來解決Code-BehindASPX/XAML(View)CS/VB(Code-Behind)從Win/WebForms到MVC<ButtonOnClick=“…〞>…</Button>privatevoidButton_OnClick(…){…}從Win/WebForms到MVCMVCASPX(View)CS/VB(Controller)<formaction=“…〞>…</form>publicActionResultSearch(…){ViewData=…;returnView();}ViewDataSilverlightMVC實踐BindingXAML(View)CS/VB(Controller)<ButtonClick=“…〞>…</Button>privatevoidButton_Click(…){…Counter.Value++;}BindingSilverlightMVC實踐BuilderXAML(View)CS/VB(Controller)<ButtonClick=“…〞>…</Button>privatevoidButton_Click(…){Counter.Value++;builder.Update();}Builder邏輯分層統(tǒng)一調(diào)用百度IMAPI隱藏后端邏輯百度IMAPISilverlight版百度Hi網(wǎng)頁版百度Hi第三方客戶端〔方案支持〕異步模型調(diào)用單個異步函數(shù)RetrieveUserAsync(username)

.AddCallback(user

=>ProcessUser(user));多個異步函數(shù)組成工作流Async.Chain()

.Next(context=>FirstStep(context))

.Next(context=>SecondStep(context))

.Next(context=>Th